Mobile application security system and method

Abstract

A system for authenticating the user of a computing device comprises an authorized user directory. Each record is uniquely associated with an authorized user and includes at least a computing device ID value that is a globally unique value assigned to the authorized user's computing device, a group of unique depictions such as photographs, an identification of a key depiction. Portions of each image form fiducials recognizable by the user. The record further includes trace pattern verification data representing continuous trace strokes between pairs of the fiducials within the key depiction. To authenticate, the group of images are displayed to the user. The user must first select the key image and secondly trace continuous trace strokes between the pairs of fiducials to match the trace pattern verification data.

Description

TECHNICAL FIELD[0001]The present invention relates to security for applications operating on a computing device and more particularly to authenticating the user of a computing device.BACKGROUND OF THE INVENTION[0002]Authenticating a user of a computing device in order to provide access to to restricted electronic data or access to restricted services such as banking services is critical for securing data and preventing fraud.[0003]The most common system for authenticating a user is to require the user to enter a user ID and password combination. The password is then compared to a valid password that is stored in a secure location in association with the user ID.[0004]If the user ID and password tendered by the user matches the valid password stored in association with the user ID, the user is granted access to the restricted electronic data or systems. On the other hand, if the user ID does not match a valid user ID's or the password does not match the valid password stored in assoc...

AI Technical Summary

Benefits of technology

[0036]The direction verification value may be a function of displacement between at least two coordinate values of the trace pattern verification data which represents the trace stroke. The two coordinates may be sequential. Because a trace stroke may be curved, the function of displacement may also be a function of intermediate coordinates with reflect the curvature. For example, displacement between 1,1 and 4,3 may include intermediate coordinates reflecting more of an over 3, up 2 curve or reflecting more of an up two, over 3 curve.

[0037]Similarly, the measured direction value may be a function of displacement between at least two coordinate values of the captured trace pattern data which represents the trace stroke. Again, the two coordinates may be sequential and again, because a trace stroke may be curved, the function of displacement may also be a function of intermediate coordinates with reflect the curvature. For example, displacement between 1,1 and 4,3 may include intermediate coordinates reflecting more of an over 3, up 2 curve or reflecting more of an up two, over 3 curve.

[0038]For yet additional security: i) each user record of the user directory further includes a unique user ID and password; ii) The computing device further obtains from the user a tendered user ID and tendered password; and iii) the authentication application only provides each depiction of the group of depictions if the tendered user ID and the tendered password, provided by the authenticating computing device, match the user ID and password of the user record with the computing device ID value which matches the device identifier.

Problems solved by technology

On the other hand, if the user ID does not match a valid user ID's or the password does not match the valid password stored in association with the user ID, the user is denied access.

User ID and password systems are not considered the most secure because it is based solely on the person purporting to be the authorized user having knowledge of the user ID and password.

Because certain biometric characteristics that are typically used for security are unique to each individual, it is extremely difficult for a different person replicate the biometric characteristic of the authentic user.

A challenge with use of biometrics for security and to restrict access to services is that biometric measuring devices are expensive and most biometric measuring devices are no readily portable.

More specifically, although the operator of a fraudulent web site can replicate the genuine website to induce the person to enter his or her user ID, the operator of the fraudulent website does not have access to the user's personally selected site key picture and therefore cannot replicate the genuine site's ability to display the personally selected site key in association with prompting the user to enter his or her password.

Because the typical user becomes accustomed to using the two step log-in process and seeing his / her personally selected site key picture on the genuine web site, the lack of two step log in process and / or the lack of seeing the personally selected site key on a fraudulent web site make its obvious to the user that the website may not be genuine and that he or she should not provide their password.

Images